A certificate is used to identify a server. In the web, the name in the certificate needs to match the host name in the URL you clicked on or entered into the web browser. There are situations when one name is not enough. A site can be reached as “http://www.example.com” as well as “http://example.com”. Because of this situation, certificates has an extension called Subject Alternative Name – SAN. One certificate can have many SANs.

It is important that your http client – the browser or the application – can verify these names. The certificate in test #3 has two names – one CN (Common Name) and one SAN. The SAN name is invalid, which means that the certificate in itself is invalid. Your client should not connect to this server.

Fork us on Github

All the tests, including keys and certificates, are available on Github.
https://github.com/edvinanet/tls-o-matic
That's also where you will find all the current tests while waiting for us to write documentation here.

What is TLS?

"The TLS protocol provides communications security
over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery."
From RFC 5446 that defines the current TLS - version 1.2. Wikipedia is also a good help in explaining TLS.